dcfb8321c9b1fe8b459a9f880de359cec853e7899ba432da0754cb4c37f7a262

Sharing

Copy URL Twitter E-mail

General

Target

dcfb8321c9b1fe8b459a9f880de359cec853e7899ba432da0754cb4c37f7a262
Size

3.5MB
MD5

547e7f4bac41cee7081f33a9c1cca815
SHA1

ff936875025a12d7130e841e3844e3e0b2e82a54
SHA256

dcfb8321c9b1fe8b459a9f880de359cec853e7899ba432da0754cb4c37f7a262
SHA512

9ec9b18b01ce2327a2d7852de99a90c6921fc2e5a7eb85c1bd4c305ab05a66050e2136477a4226333590667e9a5701c8228a28174fc008d8e38bfccb653ded4a
SSDEEP

49152:yZKWfPw01ZQePh2pEtuj+ID5MhdyF1SoddQJ1siJOKkz74tbZgvF4XfnRWOHTAqf:zFMjUphMoYuGt/

Score

N/A

Malware Config

Signatures

Files

dcfb8321c9b1fe8b459a9f880de359cec853e7899ba432da0754cb4c37f7a262
.rar
LoaderDll.dll
.dll windows x86

7b56b6bdc35f3b2666aa08133cc07ee9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtCreateSection
NtQueryInformationProcess
NtOpenProcess
RtlInitUnicodeString
LdrLoadDll
RtlPopFrame
NtClose
NtOpenDirectoryObject
NtDuplicateObject
RtlGetLastWin32Error
LdrFindEntryForAddress
NtUnmapViewOfSection
NtOpenSection
NtMapViewOfSection
RtlPushFrame
swprintf

kernel32

CreateProcessInternalW

Exports

Exports

LeCreateProcess

Sections

.Asuna
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 570B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LocaleEmulator.dll
.dll windows x86

2739894eb9a285a97b16eb70eddc0dc0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_vsnwprintf
LdrUnregisterDllNotification
_vscwprintf
NtInitializeNlsFiles
LdrRegisterDllNotification
RtlInitializeCriticalSectionAndSpinCount
RtlUnicodeToMultiByteN
RtlPopFrame
RtlEnterCriticalSection
RtlMultiByteToUnicodeN
RtlLeaveCriticalSection
RtlPushFrame
RtlGetVersion
NtQueryKey
NtCreateSection
RtlEqualUnicodeString
NtOpenKey
RtlValidateUnicodeString
RtlFreeUnicodeString
LdrLoadDll
RtlInitCodePageTable
NtClose
NtOpenDirectoryObject
NtDuplicateObject
NtQueryDirectoryObject
RtlKnownExceptionFilter
NtUnmapViewOfSection
NtContinue
RtlCustomCPToUnicodeN
NtOpenSection
RtlCreateUnicodeString
NtMapViewOfSection
NtAddAtom
NtDeleteAtom
RtlMultiByteToUnicodeSize
RtlGetLastWin32Error
RtlUnicodeToMultiByteSize
RtlSetLastWin32Error
RtlCompareMemory
RtlDeleteCriticalSection
RtlDestroyHeap
RtlAllocateHeap
NtQueryVirtualMemory
NtQuerySystemInformation
LdrDisableThreadCalloutsForDll
RtlResetRtlTranslations
RtlInitNlsTables
RtlMoveMemory
RtlFreeHeap
RtlCreateHeap
RtlDuplicateUnicodeString
RtlAnsiStringToUnicodeString
NtFreeVirtualMemory
LdrGetProcedureAddress
NtFlushInstructionCache
NtOpenSymbolicLinkObject
LdrInitializeThunk
NtQueryInformationProcess
NtQuerySymbolicLinkObject
RtlUpcaseUnicodeString
NtOpenProcess
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U
RtlGetFrame
NtReadFile
LdrLockLoaderLock
NtAllocateVirtualMemory
RtlReAllocateHeap
NtQueryAttributesFile
NtRaiseHardError
RtlImageNtHeader
NtReadVirtualMemory
RtlInitAnsiString
RtlFormatCurrentUserKeyPath
NtQueryInformationFile
NtProtectVirtualMemory
NtWriteVirtualMemory
LdrFindEntryForAddress
LdrUnlockLoaderLock
RtlOpenCurrentUser
RtlExpandEnvironmentStrings_U
NtQueryValueKey
RtlFreeAnsiString
swprintf
_wcsicmp
RtlUnwind

Exports

Exports

GetFileAttributesA

Sections

.Asuna
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tl;note.txt
krkr.cf
version.dll
.dll windows x86

addae633f4ad9d2d6bebe4a49454240b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawEnumerateExA
DirectDrawEnumerateA

dsound

ord3

kernel32

LoadLibraryExW
FindNextFileW
SearchPathW
GetFileAttributesW
CreateFileW
DeleteFileW
CreateDirectoryW
GetTempPathW
GetCurrentProcess
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
OpenMutexW
IsDebuggerPresent
GetCurrentDirectoryW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CloseHandle
CreateMutexW
OpenEventW
CreateEventW
SetLastError
RemoveDirectoryA
GetFullPathNameW
VirtualProtect
WideCharToMultiByte
MultiByteToWideChar
FindClose
FindFirstFileW
ExitProcess
SetCurrentDirectoryW
GetProcAddress
LoadLibraryW
GetModuleFileNameW
VirtualQuery
GetSystemDirectoryW
IsProcessorFeaturePresent
GetModuleHandleW
FlushInstructionCache
VirtualAlloc
GetCurrentThreadId
GetLastError
VirtualFree

user32

ChangeDisplaySettingsExW
ChangeDisplaySettingsW
EnumDisplaySettingsW
EnumDisplayDevicesW
GetMonitorInfoW
MessageBoxW
GetDC
SetWindowLongA
DestroyWindow
PeekMessageW
PeekMessageA
GetClassLongA
DispatchMessageA
DefWindowProcW
DefWindowProcA
AppendMenuW
InsertMenuW
InsertMenuItemW
GetMonitorInfoA

gdi32

AddFontResourceExW
GetCharABCWidthsFloatW
DeleteDC
GetKerningPairsW
CreateFontIndirectW
CreateCompatibleDC
TextOutW
GetTextExtentPoint32W
GetTextExtentPointW
DeleteObject
SelectObject
EnumFontFamiliesExW
EnumFontsW

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExA
RegCreateKeyExA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

vcruntime140

_CxxThrowException
memset
_except_handler4_common
__std_type_info_destroy_list
__current_exception_context
memcpy
__CxxFrameHandler3
__std_terminate
__std_exception_copy
__std_exception_destroy
wcsrchr
strrchr
__current_exception
memmove

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function

api-ms-win-crt-string-l1-1-0

wcscpy_s
strcpy_s
wcscat_s

api-ms-win-crt-stdio-l1-1-0

fseek
_wfopen_s
ftell
fread
fclose

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

Exports

Exports

GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
欲求不満妻.eXe
.exe windows x86

0de7e9f02e5ef33ba0c37ce83b044912

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegFlushKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

kernel32

CloseHandle
CompareStringA
CreateDirectoryA
CreateEventA
CreateFileA
CreateFileMappingA
CreateMutexA
CreatePipe
CreateProcessA
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
DuplicateHandle
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FlushFileBuffers
FormatMessageA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProfileStringA
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetTempPathA
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFree
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsBadReadPtr
IsDBCSLeadByte
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LocalLock
LocalSize
LocalUnlock
LockResource
MapViewOfFile
MulDiv
MultiByteToWideChar
OpenEventA
OpenProcess
RaiseException
ReadFile
RemoveDirectoryA
RemoveDirectoryW
ResumeThread
RtlUnwind
SearchPathA
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetThreadAffinityMask
SetThreadIdealProcessor
SetThreadLocale
SetThreadPriority
SignalObjectAndWait
SizeofResource
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

mpr

WNetCloseEnum
WNetEnumResourceA
WNetGetUniversalNameA
WNetOpenEnumA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetIconSize
ImageList_Write
ord17
ImageList_DrawEx

gdi32

BitBlt
CombineRgn
CopyEnhMetaFileA
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBSection
CreateDIBitmap
CreateFontIndirectA
CreateHalftonePalette
CreateICA
CreatePalette
CreatePen
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
EndDoc
EndPage
EnumFontFamiliesExA
EnumFontsA
ExcludeClipRect
ExtCreateRegion
ExtTextOutA
GdiFlush
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetGlyphOutlineA
GetObjectA
GetOutlineTextMetricsA
GetPaletteEntries
GetPixel
GetROP2
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32A
GetTextExtentPointA
GetTextMetricsA
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
PlayEnhMetaFile
Polyline
RealizePalette
RectVisible
Rectangle
RestoreDC
SaveDC
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetEnhMetaFileBits
SetMapMode
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StartDocA
StartPage
StretchBlt
TextOutA
UnrealizeObject

shell32

DragAcceptFiles
DragFinish
DragQueryFileA
SHGetSpecialFolderPathA
ShellExecuteA
ShellExecuteW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginDeferWindowPos
BeginPaint
CallNextHookEx
CallWindowProcA
ChangeDisplaySettingsA
CharLowerA
CharLowerBuffA
CharLowerW
CharNextA
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CreateCaret
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeferWindowPos
DeleteMenu
DestroyCaret
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextA
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDeferWindowPos
EndPaint
EnumClipboardFormats
EnumDisplaySettingsA
EnumThreadWindows
EnumWindows
EqualRect
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetAsyncKeyState
GetCapture
GetClassInfoA
GetClassNameA
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgItem
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextA
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetMessagePos
GetParent
GetPriorityClipboardFormat
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSystemMetrics
GetTopWindow
GetUpdateRect
GetWindow
GetWindowDC
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InflateRect
InsertMenuA
InsertMenuItemA
IntersectRect
InvalidateRect
InvertRect
IsChild
IsClipboardFormatAvailable
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadCursorFromFileA
LoadIconA
LoadKeyboardLayoutA
LoadStringA
MapVirtualKeyA
MapWindowPoints
MessageBoxA
OemToCharA
OffsetRect
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
ScrollWindowEx
SendDlgItemMessageA
SendMessageA
SetActiveWindow
SetCapture
SetCaretPos
SetClassLongA
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetParent
SetPropA
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextA
SetWindowsHookExA
ShowCursor
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TrackPopupMenuEx
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UpdateWindow
WaitMessage
WinHelpA
WindowFromPoint
wsprintfA
GetSystemMenu

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

ole32

CoCreateGuid
CoInitialize
CoTaskMemAlloc
CoUninitialize
IsEqualGUID
StringFromGUID2

oleaut32

GetErrorInfo
SysAllocStringLen
SysFreeString
SysReAllocStringLen
SysStringLen
VariantChangeTypeEx
VariantClear
VariantCopyInd

Exports

Exports

@@Confmainframeunit@Finalize
@@Confmainframeunit@Initialize
@@Confsettingsunit@Finalize
@@Confsettingsunit@Initialize
@@Consoleformunit@Finalize
@@Consoleformunit@Initialize
@@Fontselectformunit@Finalize
@@Fontselectformunit@Initialize
@@Haltwarnformunit@Finalize
@@Haltwarnformunit@Initialize
@@Mainformunit@Finalize
@@Mainformunit@Initialize
@@Menucontainerformunit@Finalize
@@Menucontainerformunit@Initialize
@@Padformunit@Finalize
@@Padformunit@Initialize
@@Tlogviewer@Finalize
@@Tlogviewer@Initialize
@@Versionformunit@Finalize
@@Versionformunit@Initialize
@@Watchformunit@Finalize
@@Watchformunit@Initialize
@@Windowformunit@Finalize
@@Windowformunit@Initialize
TVPGetFunctionExporter
_ConfMainFrame
_ConfSettingsForm
_TVPConsoleForm
_TVPFontSelectForm
_TVPHaltWarnForm
_TVPMainForm
_TVPMenuContainerForm
_TVPPadForm
_TVPVersionForm
_TVPWatchForm
_TVPWindowForm
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 473KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ConstSeg
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

DataSeg
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CodeSeg
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

adata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 136KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b56b6bdc35f3b2666aa08133cc07ee9

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

Exports

Exports

Sections

.Asuna Size: 4KB - Virtual size: 3KB

.idata Size: 1024B - Virtual size: 570B

.reloc Size: 512B - Virtual size: 56B

2739894eb9a285a97b16eb70eddc0dc0

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

Exports

Exports

Sections

.Asuna Size: 56KB - Virtual size: 56KB

.idata Size: 3KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

addae633f4ad9d2d6bebe4a49454240b

Headers

DLL Characteristics

File Characteristics

Imports

ddraw

dsound

kernel32

user32

gdi32

advapi32

ole32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 58KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 1KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 4KB - Virtual size: 4KB

0de7e9f02e5ef33ba0c37ce83b044912

Headers

File Characteristics

Imports

advapi32

kernel32

mpr

version

comctl32

gdi32

shell32

user32

imm32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.data Size: 473KB - Virtual size: 1.1MB

.tls Size: 512B - Virtual size: 4KB

ConstSeg Size: 512B - Virtual size: 4KB

.Asuna
Size: 4KB - Virtual size: 3KB

.idata
Size: 1024B - Virtual size: 570B

.reloc
Size: 512B - Virtual size: 56B

.Asuna
Size: 56KB - Virtual size: 56KB

.idata
Size: 3KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 59KB - Virtual size: 58KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 1KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 473KB - Virtual size: 1.1MB

.tls
Size: 512B - Virtual size: 4KB

ConstSeg
Size: 512B - Virtual size: 4KB

DataSeg
Size: 16KB - Virtual size: 20KB

CodeSeg
Size: 50KB - Virtual size: 52KB

adata
Size: 1KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 13KB - Virtual size: 16KB

.didata
Size: 1KB - Virtual size: 4KB

.edata
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 136KB - Virtual size: 140KB